Microsoft says its systems have been exposed to SolarWinds hacking

By: Bloomberg | New Delhi |

Updated: December 18, 2020 9:16:12

Microsoft Corp. said its systems were exposed to malware used in Russia-related hacking that targeted U.S. states and government agencies, adding that investigations so far show that the malicious software hasn’t been used. to attack others and had no impact on customer data or outward facing systems.

The company is a customer of SolarWinds Corp., whose software hackers are believed to have used to gain access to networks by installing malicious code. Microsoft found code related to that cyber attack “in our environment, which we isolated and removed,” spokesman Frank Shaw said in a statement posted on his Twitter account. “We found no evidence of access to manufacturing services or customer data. Our investigations, which are ongoing, have found absolutely no indication that our systems were used to attack others. “

Reuters previously reported that Microsoft was hacked and its systems were used to attack other entities, citing people familiar with the matter.

Any successful cyberattack against Microsoft, the world’s largest software manufacturer and second largest cloud infrastructure provider, could damage its reputation as a trusted provider of cloud software and security services. The software giant’s involvement emerged as the broader repercussions of far-reaching hacking became clearer. SolarWinds customers include government agencies and Fortune 500 companies, according to the company and cybersecurity experts. The Homeland Security, Treasury, Commerce and State departments have been breached, according to a person familiar with the matter. The US Nuclear Weapons Agency and at least three states were also violated.

Separately, Microsoft said in a blog post about the broader cyberattack it has identified and worked this week to notify more than 40 customers that hackers have targeted more accurately and been compromised through additional and sophisticated measures. . During its investigation of its own networks, Microsoft also helped customers monitor and cope with the attack.

Microsoft, headquartered in Redmond, Washington, has become a major provider of cloud and security software and services, including for large government agencies, making its reputation as a network security key to sales. The U.S. Department of Defense awarded Microsoft a $ 10 billion cloud computing contract, which is currently being challenged in court by competing bidder Inc.

In a warning Thursday that signaled growing alarm over the recent breach, the US Cybersecurity and Infrastructure Security Agency said the hackers posed a “serious risk” to federal, state and local governments, as well as to critical infrastructure. and the private sector. The agency said the attackers displayed “sophistication and complex skill”.

In a filing with the US Securities and Exchange Commission on Monday, SolarWinds said it believed its monitoring products could have been used to compromise the servers of as many as 18,000 customers.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay up to date with the latest headlines

For all the latest technology news, download the Indian Express app.

© IE Online Media Services Pvt Ltd